
77 matches found

OSV
added 2023/08/29 10:15 p.m. · 0 views

CVE-2023-4296

If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device...

CVSS 6.1 · AI score 5.9
Exploits 0 · References 4
NVD
added 2023/08/29 10:15 p.m. · 7 views

CVE-2023-4296

If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device...

CVSS 8.8 · AI score 8.7 · EPSS 0.01305
Exploits 1 · References 4
Prion
added 2023/08/29 10:15 p.m. · 8 views

Code injection

If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device...

CVSS 5.8 · AI score 6.3 · EPSS 0.01305
Exploits 1 · References 4 · Affected Software 1
CVE
added 2023/08/29 9:42 p.m. · 31 views

CVE-2023-4296

PTC Codebeamer CVE-2023-4296 is a cross-site scripting vulnerability (CWE-79) in the Codebeamer ALM platform. An attacker tricks an admin into clicking a malicious link, potentially injecting arbitrary JavaScript into the victim’s browser. Affected versions: Codebeamer <= 22.10-SP7, <= 22.0...

CVSS 8.8 · AI score 6.7 · EPSS 0.01305
Exploits 1 · References 4 · Affected Software 1
Vulnrichment
added 2023/08/29 9:42 p.m. · 5 views

CVE-2023-4296 PTC Codebeamer Cross site scripting

If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device...

CVSS 8.8 · AI score 7.1 · EPSS 0.01305
Exploits 1 · References 4
CISA
added 2023/08/29 12:0 p.m. · 3 views

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems (ICS) advisory on August 29, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-241-01 PTC CodeBeamer. CISA encourages users and administrators to review the newly released...

AI score 7
Exploits 0 · References 1
ICS
added 2023/08/29 6:0 a.m. · 16 views

PTC Codebeamer

1. EXECUTIVE SUMMARY: CVSS v3 8.8; ATTENTION: Exploitable remotely/low attack complexity; Vendor: PTC; Equipment: Codebeamer; Vulnerability: Cross site scripting. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to inject arbitrary JavaScript code, which...

CVSS 8.8 · AI score 7 · EPSS 0.01305
Exploits 1 · References 10
CNNVD
added 2023/08/29 12:0 a.m. · 2 views

Intland Software codeBeamer ALM cross-site scripting vulnerability

Intland Software codeBeamer ALM is an application lifecycle management platform from Intland Software, Germany. The platform supports application lifecycle management, requirements management, risk management and software development. The Intland Software codeBeamer ALM suffers from a cross-site...

CVSS 8.8 · AI score 6.2 · EPSS 0.01305
Exploits 1 · References 7
Positive Technologies
added 2023/08/29 12:0 a.m. · 1 views

PT-2023-5334 · Ptc · Ptc Codebeamer

Name of the Vulnerable Software and Affected Versions: PTC Codebeamer (affected versions not specified). Description: The issue exists due to inadequate protection of the web page structure in PTC Codebeamer, allowing a remote attacker to execute arbitrary code. If an attacker tricks an admin user...

CVSS 10 · AI score 6.6 · EPSS 0.01305
Exploits 1 · References 14
OSV
added 2021/06/08 1:15 p.m. · 0 views

CVE-2020-26515

An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie CBLOGIN issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 2
NVD
added 2021/06/08 1:15 p.m. · 10 views

CVE-2020-26517

A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and changing the login text in t...

CVSS 4.8 · EPSS 0.0031
Exploits 1 · References 2
OSV
added 2021/06/08 1:15 p.m. · 1 views

CVE-2020-26517

A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and changing the login text in t...

CVSS 4.8 · AI score 5.7 · EPSS 0.0031
Exploits 1 · References 2
OSV
added 2021/06/08 1:15 p.m. · 0 views

CVE-2020-26516

A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim's browser to execute undesired actions in the web application...

CVSS 8.8 · AI score 7.3
Exploits 0 · References 2
NVD
added 2021/06/08 1:15 p.m. · 7 views

CVE-2020-26516

A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim's browser to execute undesired actions in the web application...

CVSS 8.8 · EPSS 0.00221
Exploits 1 · References 2
NVD
added 2021/06/08 1:15 p.m. · 9 views

CVE-2020-26515

An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie CBLOGIN issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a...

CVSS 7.5 · EPSS 0.00089
Exploits 1 · References 2
Prion
added 2021/06/08 1:15 p.m. · 9 views

Cross site request forgery (csrf)

A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim's browser to execute undesired actions in the web application...

CVSS 6.8 · AI score 8.6 · EPSS 0.00221
Exploits 1 · References 2 · Affected Software 1
Prion
added 2021/06/08 1:15 p.m. · 10 views

Cross site scripting

A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and changing the login text in t...

CVSS 3.5 · AI score 4.8 · EPSS 0.0031
Exploits 1 · References 2 · Affected Software 1
Prion
added 2021/06/08 1:15 p.m. · 9 views

Code injection

An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie CBLOGIN issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a...

CVSS 5 · AI score 7.5 · EPSS 0.00089
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2021/06/08 12:47 p.m. · 10 views

CVE-2020-26515

An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie CBLOGIN issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a...

AI score 7.5 · EPSS 0.00089
Exploits 1 · References 2
CVE
added 2021/06/08 12:47 p.m. · 32 views

CVE-2020-26515

The CVE-2020-26515 entry concerns Intland codeBeamer ALM 10.x–10.1.SP4, where the remember-me cookie CB_LOGIN stores user credentials and is encrypted with a NULL key due to a bug in the application. This creates an insufficient protection of credentials with potential exposure if the cookie is a...

CVSS 7.5 · AI score 7.4 · EPSS 0.00089
Exploits 1 · References 2 · Affected Software 1